CVE-2026-27579

Name of the Vulnerable Software and Affected Versions CollabPlatform (affected versions not specified)

Description The application’s Appwrite project is misconfigured, allowing arbitrary origins in Cross-Origin Resource Sharing (CORS) responses while also permitting credentialed requests. This allows an attacker-controlled domain to issue authenticated cross-origin requests and potentially read sensitive user account information, including email address, account identifiers, and MFA status.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.